boot0cfg problems

Jeremy Chadwick freebsd at jdc.parodius.com
Fri Oct 1 11:34:36 UTC 2010 

On Fri, Oct 01, 2010 at 01:20:42PM +0200, Daniel Braniss wrote:
> > On Fri, Oct 01, 2010 at 09:26:41AM +0200, Daniel Braniss wrote:
> > > In a not so distant past, boot0cfg -sn ... used to work, then it only
> > > partialy worked, it would modify the data in boot but not the mbr, for
> > > which 'gpart -s set active -in ...' modified the mbr. Now
> > > # boot0cfg -s1 -v /dev/mfid0
> > > boot0cfg: write_mbr: /dev/mfid0: Operation not permitted
> > > but:
> > > # boot0cfg -v /dev/mfid0
> > > #   flag     start chs   type       end chs       offset         size
> > > 1   0x80      0:  1: 1   0xa5   1023:212:63           63     41943006
> > > 2   0x00   1023:255:63   0xa5   1023:169:63     41943069     41943006
> > > 3   0x00   1023:255:63   0xa5   1023:126:63     83886075     41943006
> > > 4   0x00   1023:255:63   0xa5   1023:201:63    125829081   1046478825
> > > 
> > > version=2.0  drive=0x80  mask=0x3  ticks=182  bell=# (0x23)
> > > options=packet,update,nosetdrv
> > > volume serial ID 9090-9090
> > > default_selection=F2 (Slice 2)
> > 
> > Can you try doing "sysctl kern.geom.debugflags=16" first?
> >
> this is not realy foot-shooting :-), but
> - the error msg is gone,
> - the slice info is updated,
> - but the active bit in the mbr is not! - some bioses rely on it.
> looking at changes done to boot0cfg.c there is now an err(...) call which
> does an exit, before the boot is updated. I changed it to a warn(...) and the 
> old
> behaviour is back.
> BTW, 
> a- gpart command should have been: gpart set -a active -i n ...
> b- this works with kern.geom.debugflags=0.

Bit 4 (hence 0x10, or 16 decimal) in kern.geom.debugflags is described
as:

     0x10 (allow foot shooting)
             Allow writing to Rank 1 providers.  This would, for example,
             allow the super-user to overwrite the MBR on the root disk or
             write random sectors elsewhere to a mounted disk.  The implica‐
             tions are obvious.

I read this as: "you can't modify the MBR of a root disk unless bit 4 of
this sysctl is set".  Sector 0 holds the MBR, and boot0cfg modifies the
MBR.  So can you explain what you mean by "this really isn't
foot-shooting?"  I mean, even the NOTE section of the boot0cfg(8) man
page documents what I'm trying to say.

Anyway, if the MBR did get updated without kern.geom.debugflags having
bit 4 set, then wouldn't this indicate there's a bug in GEOM's "sector
0" protection?

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-stable mailing list